[ On Mon, March 10, 1997 at 16:05:05 (+0000), Philip Hazel wrote: ]
> Subject: Re: pipe problem
>
> Exim has always used fork() + setuid() for all local delivery transport
> processes, both to pipes and files. There is no way you can configure it
> not to do this.
Sorry, I'd forgot about that....
> The only (optional) use of seteuid() is to become the exim user (rather
> than root) for the time from starting up to do deliveries to the time
> when it is necessary to become the local user before running the
> transport. Oh, yes, it may also use seteuid() when reading .forward
> files, it is true.
The .forward file was indeed the hook used in the smail compromise,
though I expect in exim the dangers would be far reduced to perhaps some
failure mode allowing some form of access to otherwise protected files,
such as /etc/shadow.
--
Greg A. Woods
+1 416 443-1734 VE3TCP robohack!woods
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>